2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2003 The OpenLDAP Foundation.
5 * Portions Copyright 2003 Mark Benson.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted only as authorized by the OpenLDAP
12 * A copy of this license is available in file LICENSE in the
13 * top-level directory of the distribution or, alternatively, at
14 * <http://www.OpenLDAP.org/license.html>.
16 /* Portions Copyright (c) 1996 Regents of the University of Michigan.
17 * All rights reserved.
19 * Redistribution and use in source and binary forms are permitted
20 * provided that this notice is preserved and that due credit is given
21 * to the University of Michigan at Ann Arbor. The name of the University
22 * may not be used to endorse or promote products derived from this
23 * software without specific prior written permission. This software
24 * is provided ``as is'' without express or implied warranty.
27 * This work was originally developed by the University of Michigan
28 * (as part of U-MICH LDAP). Additional significant contributors
34 * ldap_op.c - routines to perform LDAP operations
41 #include <ac/stdlib.h>
44 #include <ac/string.h>
47 #include <ac/unistd.h>
49 #define LDAP_DEPRECATED 1
51 #include "lutil_ldap.h"
54 /* Forward references */
55 static struct berval **make_singlevalued_berval LDAP_P(( char *, int ));
56 static int op_ldap_add LDAP_P(( Ri *, Re *, char **, int * ));
57 static int op_ldap_modify LDAP_P(( Ri *, Re *, char **, int * ));
58 static int op_ldap_delete LDAP_P(( Ri *, Re *, char **, int * ));
59 static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char **, int * ));
60 static LDAPMod *alloc_ldapmod LDAP_P(( void ));
61 static void free_ldapmod LDAP_P(( LDAPMod * ));
62 static void free_ldmarr LDAP_P(( LDAPMod ** ));
63 static int getmodtype LDAP_P(( char * ));
64 static void dump_ldm_array LDAP_P(( LDAPMod ** ));
65 static int do_bind LDAP_P(( Ri *, int * ));
66 static int do_unbind LDAP_P(( Ri * ));
70 * Determine the type of ldap operation being performed and call the
71 * appropriate routine.
72 * - If successful, returns DO_LDAP_OK
73 * - If a retryable error occurs, ERR_DO_LDAP_RETRYABLE is returned.
74 * The caller should wait a while and retry the operation.
75 * - If a fatal error occurs, ERR_DO_LDAP_FATAL is returned. The caller
76 * should reject the operation and continue with the next replication
93 if ( ri->ri_ldp == NULL ) {
94 lderr = do_bind( ri, &lderr );
96 if ( lderr != BIND_OK ) {
97 return DO_LDAP_ERR_RETRYABLE;
101 switch ( re->re_changetype ) {
103 lderr = op_ldap_add( ri, re, errmsg, errfree );
104 if ( lderr != LDAP_SUCCESS ) {
106 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
107 "Error: ldap_add_s failed adding \"%s\": %s\n",
108 *errmsg ? *errmsg : ldap_err2string( lderr ),
111 Debug( LDAP_DEBUG_ANY,
112 "Error: ldap_add_s failed adding \"%s\": %s\n",
113 *errmsg ? *errmsg : ldap_err2string( lderr ),
120 lderr = op_ldap_modify( ri, re, errmsg, errfree );
121 if ( lderr != LDAP_SUCCESS ) {
123 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
124 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
125 *errmsg ? *errmsg : ldap_err2string( lderr ),
128 Debug( LDAP_DEBUG_ANY,
129 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
130 *errmsg ? *errmsg : ldap_err2string( lderr ),
137 lderr = op_ldap_delete( ri, re, errmsg, errfree );
138 if ( lderr != LDAP_SUCCESS ) {
140 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
141 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
142 *errmsg ? *errmsg : ldap_err2string( lderr ),
145 Debug( LDAP_DEBUG_ANY,
146 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
147 *errmsg ? *errmsg : ldap_err2string( lderr ),
154 lderr = op_ldap_modrdn( ri, re, errmsg, errfree );
155 if ( lderr != LDAP_SUCCESS ) {
157 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
158 "Error: ldap_modrdn_s failed modifying %s: %s\n",
159 *errmsg ? *errmsg : ldap_err2string( lderr ),
162 Debug( LDAP_DEBUG_ANY,
163 "Error: ldap_modrdn_s failed modifying %s: %s\n",
164 *errmsg ? *errmsg : ldap_err2string( lderr ),
172 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
173 "Error: bad op \"%d\", dn = \"%s\"\n",
174 re->re_changetype, re->re_dn, 0 );
176 Debug( LDAP_DEBUG_ANY,
177 "Error: do_ldap: bad op \"%d\", dn = \"%s\"\n",
178 re->re_changetype, re->re_dn, 0 );
180 return DO_LDAP_ERR_FATAL;
184 * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
185 * we may have been idle long enough that the remote slapd timed
186 * us out. Rebind and try again.
193 return DO_LDAP_ERR_FATAL;
195 case LDAP_SERVER_DOWN: /* server went down */
196 (void) do_unbind( ri );
199 } while ( retry > 0 );
201 return DO_LDAP_ERR_RETRYABLE;
207 * Perform an ldap add operation.
218 int nattrs, rc = 0, i;
219 LDAPMod *ldm, **ldmarr;
226 * Construct a null-terminated array of LDAPMod structs.
229 while ( mi[ i ].mi_type != NULL ) {
230 ldm = alloc_ldapmod();
231 ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr,
232 ( nattrs + 2 ) * sizeof( LDAPMod * ));
233 ldmarr[ nattrs ] = ldm;
234 ldm->mod_op = LDAP_MOD_BVALUES;
235 ldm->mod_type = mi[ i ].mi_type;
237 make_singlevalued_berval( mi[ i ].mi_val, mi[ i ].mi_len );
242 if ( ldmarr != NULL ) {
243 ldmarr[ nattrs ] = NULL;
245 /* Perform the operation */
247 LDAP_LOG ( OPERATION, ARGS,
248 "op_ldap_add: replica %s:%d - add dn \"%s\"\n",
249 ri->ri_hostname, ri->ri_port, re->re_dn );
251 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - add dn \"%s\"\n",
252 ri->ri_hostname, ri->ri_port, re->re_dn );
254 rc = ldap_add_s( ri->ri_ldp, re->re_dn, ldmarr );
256 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
257 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
261 *errmsg = "No modifications to do";
263 LDAP_LOG ( OPERATION, ERR,
264 "op_ldap_add: Error: no mods to do (%s)!\n", re->re_dn, 0, 0 );
266 Debug( LDAP_DEBUG_ANY,
267 "Error: op_ldap_add: no mods to do (%s)!\n", re->re_dn, 0, 0 );
270 free_ldmarr( ldmarr );
278 * Perform an ldap modify operation.
280 #define AWAITING_OP -1
290 int state; /* This code is a simple-minded state machine */
291 int nvals; /* Number of values we're modifying */
292 int nops; /* Number of LDAPMod structs in ldmarr */
293 LDAPMod *ldm = NULL, **ldmarr;
303 if ( re->re_mods == NULL ) {
304 *errmsg = "No arguments given";
306 LDAP_LOG ( OPERATION, ERR,
307 "op_ldap_modify: Error: no arguments\n" , 0, 0, 0 );
309 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modify: no arguments\n",
316 * Construct a null-terminated array of LDAPMod structs.
318 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
319 type = mi[ i ].mi_type;
320 value = mi[ i ].mi_val;
321 len = mi[ i ].mi_len;
322 switch ( getmodtype( type )) {
324 state = T_MODSEP; /* Got a separator line "-\n" */
328 ldmarr = ( LDAPMod ** )
329 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
330 ldmarr[ nops ] = ldm = alloc_ldapmod();
331 ldm->mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
332 ldm->mod_type = value;
337 state = T_MODOPREPLACE;
338 ldmarr = ( LDAPMod ** )
339 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
340 ldmarr[ nops ] = ldm = alloc_ldapmod();
341 ldm->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
342 ldm->mod_type = value;
347 state = T_MODOPDELETE;
348 ldmarr = ( LDAPMod ** )
349 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
350 ldmarr[ nops ] = ldm = alloc_ldapmod();
351 ldm->mod_op = LDAP_MOD_DELETE | LDAP_MOD_BVALUES;
352 ldm->mod_type = value;
356 case T_MODOPINCREMENT:
357 state = T_MODOPINCREMENT;
358 ldmarr = ( LDAPMod ** )
359 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
360 ldmarr[ nops ] = ldm = alloc_ldapmod();
361 ldm->mod_op = LDAP_MOD_INCREMENT | LDAP_MOD_BVALUES;
362 ldm->mod_type = value;
367 if ( state == AWAITING_OP ) {
369 LDAP_LOG ( OPERATION, ERR,
370 "op_ldap_modify: Error: unknown mod type \"%s\"\n", type, 0, 0 );
372 Debug( LDAP_DEBUG_ANY,
373 "Error: op_ldap_modify: unknown mod type \"%s\"\n",
382 * We should have an attribute: value pair here.
383 * Construct the mod_bvalues part of the ldapmod struct.
385 if ( strcasecmp( type, ldm->mod_type )) {
387 LDAP_LOG ( OPERATION, ERR,
388 "op_ldap_modify: Error: "
389 "malformed modify op, %s: %s (expecting \"%s\")\n",
390 type, value, ldm->mod_type );
392 Debug( LDAP_DEBUG_ANY,
393 "Error: malformed modify op, %s: %s (expecting %s:)\n",
394 type, value, ldm->mod_type );
398 ldm->mod_bvalues = ( struct berval ** )
399 ch_realloc( ldm->mod_bvalues,
400 ( nvals + 2 ) * sizeof( struct berval * ));
401 ldm->mod_bvalues[ nvals + 1 ] = NULL;
402 ldm->mod_bvalues[ nvals ] = ( struct berval * )
403 ch_malloc( sizeof( struct berval ));
404 ldm->mod_bvalues[ nvals ]->bv_val = value;
405 ldm->mod_bvalues[ nvals ]->bv_len = len;
409 ldmarr[ nops ] = NULL;
412 /* Actually perform the LDAP operation */
414 LDAP_LOG ( OPERATION, DETAIL1,
415 "op_ldap_modify: replica %s:%d - modify dn \"%s\"\n",
416 ri->ri_hostname, ri->ri_port, re->re_dn );
418 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - modify dn \"%s\"\n",
419 ri->ri_hostname, ri->ri_port, re->re_dn );
421 rc = ldap_modify_s( ri->ri_ldp, re->re_dn, ldmarr );
422 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
425 free_ldmarr( ldmarr );
433 * Perform an ldap delete operation.
446 LDAP_LOG ( OPERATION, ARGS,
447 "op_ldap_delete: replica %s:%d - delete dn \"%s\"\n",
448 ri->ri_hostname, ri->ri_port, re->re_dn );
450 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - delete dn \"%s\"\n",
451 ri->ri_hostname, ri->ri_port, re->re_dn );
453 rc = ldap_delete_s( ri->ri_ldp, re->re_dn );
454 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
464 * Perform an ldap modrdn operation.
466 #define GOT_NEWRDN 0x1
467 #define GOT_DELOLDRDN 0x2
468 #define GOT_NEWSUP 0x4
470 #define GOT_MODDN_REQ (GOT_NEWRDN|GOT_DELOLDRDN)
471 #define GOT_ALL_MODDN(f) (((f) & GOT_MODDN_REQ) == GOT_MODDN_REQ)
489 if ( re->re_mods == NULL ) {
490 *errmsg = "No arguments given";
492 LDAP_LOG ( OPERATION, ERR,
493 "op_ldap_modrdn: Error: no arguments\n" , 0, 0, 0 );
495 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: no arguments\n",
502 * Get the arguments: should see newrdn: and deleteoldrdn: args.
504 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
505 if ( !strcmp( mi[ i ].mi_type, T_NEWRDNSTR )) {
506 if( state & GOT_NEWRDN ) {
508 LDAP_LOG ( OPERATION, ERR,
509 "op_ldap_modrdn: Error: multiple newrdn arg \"%s\"\n",
510 mi[ i ].mi_val, 0, 0 );
512 Debug( LDAP_DEBUG_ANY,
513 "Error: op_ldap_modrdn: multiple newrdn arg \"%s\"\n",
514 mi[ i ].mi_val, 0, 0 );
516 *errmsg = "Multiple newrdn argument";
520 newrdn = mi[ i ].mi_val;
523 } else if ( !strcmp( mi[ i ].mi_type, T_DELOLDRDNSTR )) {
524 if( state & GOT_DELOLDRDN ) {
526 LDAP_LOG ( OPERATION, ERR,
527 "op_ldap_modrdn: Error: multiple deleteoldrdn arg \"%s\"\n",
528 mi[ i ].mi_val, 0, 0 );
530 Debug( LDAP_DEBUG_ANY,
531 "Error: op_ldap_modrdn: multiple deleteoldrdn arg \"%s\"\n",
532 mi[ i ].mi_val, 0, 0 );
534 *errmsg = "Multiple newrdn argument";
538 state |= GOT_DELOLDRDN;
539 if ( !strcmp( mi[ i ].mi_val, "0" )) {
541 } else if ( !strcmp( mi[ i ].mi_val, "1" )) {
545 LDAP_LOG ( OPERATION, ERR,
546 "op_ldap_modrdn: Error: bad deleteoldrdn arg \"%s\"\n",
547 mi[ i ].mi_val, 0, 0 );
549 Debug( LDAP_DEBUG_ANY,
550 "Error: op_ldap_modrdn: bad deleteoldrdn arg \"%s\"\n",
551 mi[ i ].mi_val, 0, 0 );
553 *errmsg = "Incorrect argument to deleteoldrdn";
557 } else if ( !strcmp( mi[ i ].mi_type, T_NEWSUPSTR )) {
558 if( state & GOT_NEWSUP ) {
560 LDAP_LOG ( OPERATION, ERR,
561 "op_ldap_modrdn: Error: multiple newsuperior arg \"%s\"\n",
562 mi[ i ].mi_val, 0, 0 );
564 Debug( LDAP_DEBUG_ANY,
565 "Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
566 mi[ i ].mi_val, 0, 0 );
568 *errmsg = "Multiple newsuperior argument";
572 newsup = mi[ i ].mi_val;
577 LDAP_LOG ( OPERATION, ERR,
578 "op_ldap_modrdn: Error: bad type \"%s\"\n",
579 mi[ i ].mi_type, 0, 0 );
581 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: bad type \"%s\"\n",
582 mi[ i ].mi_type, 0, 0 );
584 *errmsg = "Bad value in replication log entry";
590 * Punt if we don't have all the args.
592 if ( !GOT_ALL_MODDN(state) ) {
594 LDAP_LOG ( OPERATION, ERR,
595 "op_ldap_modrdn: Error: missing arguments\n" , 0, 0, 0 );
597 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
600 *errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
605 if ( ldap_debug & LDAP_DEBUG_ARGS ) {
608 int buf2len = strlen( re->re_dn ) + strlen( mi->mi_val ) + 11;
610 snprintf( buf, sizeof(buf), "%s:%d", ri->ri_hostname, ri->ri_port );
612 buf2 = (char *) ch_malloc( buf2len );
613 snprintf( buf2, buf2len, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
616 LDAP_LOG ( OPERATION, ARGS,
617 "op_ldap_modrdn: replica %s - modify rdn %s (flag: %d)\n",
618 buf, buf2, drdnflag );
620 Debug( LDAP_DEBUG_ARGS,
621 "replica %s - modify rdn %s (flag: %d)\n",
622 buf, buf2, drdnflag );
626 #endif /* LDAP_DEBUG */
631 rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, newrdn, newsup, drdnflag );
633 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
634 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_STRING, errmsg);
642 * Allocate and initialize an ldapmod struct.
645 alloc_ldapmod( void )
649 ldm = ( struct ldapmod * ) ch_malloc( sizeof ( struct ldapmod ));
650 ldm->mod_type = NULL;
651 ldm->mod_bvalues = ( struct berval ** ) NULL;
658 * Free an ldapmod struct associated mod_bvalues. NOTE - it is assumed
659 * that mod_bvalues and mod_type contain pointers to the same block of memory
660 * pointed to by the repl struct. Therefore, it's not freed here.
671 if ( ldm->mod_bvalues != NULL ) {
672 for ( i = 0; ldm->mod_bvalues[ i ] != NULL; i++ ) {
673 free( ldm->mod_bvalues[ i ] );
675 free( ldm->mod_bvalues );
683 * Free an an array of LDAPMod pointers and the LDAPMod structs they point
692 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
693 free_ldapmod( ldmarr[ i ] );
700 * Create a berval with a single value.
702 static struct berval **
703 make_singlevalued_berval(
709 p = ( struct berval ** ) ch_malloc( 2 * sizeof( struct berval * ));
710 p[ 0 ] = ( struct berval * ) ch_malloc( sizeof( struct berval ));
712 p[ 0 ]->bv_val = value;
713 p[ 0 ]->bv_len = len;
719 * Given a modification type (string), return an enumerated type.
720 * Avoids ugly copy in op_ldap_modify - lets us use a switch statement
727 if ( !strcmp( type, T_MODSEPSTR )) {
730 if ( !strcmp( type, T_MODOPADDSTR )) {
731 return( T_MODOPADD );
733 if ( !strcmp( type, T_MODOPREPLACESTR )) {
734 return( T_MODOPREPLACE );
736 if ( !strcmp( type, T_MODOPDELETESTR )) {
737 return( T_MODOPDELETE );
739 if ( !strcmp( type, T_MODOPINCREMENTSTR )) {
740 return( T_MODOPINCREMENT );
747 * Perform an LDAP unbind operation. If replica is NULL, or the
748 * repl_ldp is NULL, just return LDAP_SUCCESS. Otherwise, unbind,
749 * set the ldp to NULL, and return the result of the unbind call.
756 int rc = LDAP_SUCCESS;
758 if (( ri != NULL ) && ( ri->ri_ldp != NULL )) {
759 rc = ldap_unbind( ri->ri_ldp );
760 if ( rc != LDAP_SUCCESS ) {
762 LDAP_LOG ( OPERATION, ERR,
763 "do_unbind: ldap_unbind failed for %s:%d: %s\n",
764 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
766 Debug( LDAP_DEBUG_ANY,
767 "Error: do_unbind: ldap_unbind failed for %s:%d: %s\n",
768 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
779 * Perform an LDAP bind operation to the replication site given
780 * by replica. If replica->repl_ldp is non-NULL, then we unbind
781 * from the replica before rebinding. It should be safe to call
782 * this to re-connect if the replica's connection goes away
785 * Returns 0 on success, -1 if an LDAP error occurred, and a return
786 * code > 0 if some other error occurred, e.g. invalid bind method.
787 * If an LDAP error occurs, the LDAP error is returned in lderr.
796 int do_tls = ri->ri_tls;
802 LDAP_LOG ( OPERATION, ERR, "do_bind: null ri ptr\n" , 0, 0, 0 );
804 Debug( LDAP_DEBUG_ANY, "Error: do_bind: null ri ptr\n", 0, 0, 0 );
806 return( BIND_ERR_BADRI );
810 if ( ri->ri_ldp != NULL ) {
811 ldrc = ldap_unbind( ri->ri_ldp );
812 if ( ldrc != LDAP_SUCCESS ) {
814 LDAP_LOG ( OPERATION, ERR,
815 "do_bind: ldap_unbind failed: %s\n", ldap_err2string( ldrc ), 0, 0 );
817 Debug( LDAP_DEBUG_ANY,
818 "Error: do_bind: ldap_unbind failed: %s\n",
819 ldap_err2string( ldrc ), 0, 0 );
825 if ( ri->ri_uri != NULL ) { /* new URI style */
827 LDAP_LOG ( OPERATION, ARGS,
828 "do_bind: Initializing session to %s\n",
831 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s\n",
835 ldrc = ldap_initialize( &(ri->ri_ldp), ri->ri_uri);
837 if (ldrc != LDAP_SUCCESS) {
839 LDAP_LOG ( OPERATION, ERR,
840 "do_bind: ldap_initalize (0, %s) failed: %s\n",
841 ri->ri_uri, ldap_err2string(ldrc), 0 );
843 Debug( LDAP_DEBUG_ANY, "Error: ldap_initialize(0, %s) failed: %s\n",
844 ri->ri_uri, ldap_err2string(ldrc), 0 );
846 return( BIND_ERR_OPEN );
848 } else { /* old HOST style */
850 LDAP_LOG ( OPERATION, ARGS,
851 "do_bind: Initializing session to %s:%d\n",
852 ri->ri_hostname, ri->ri_port, 0 );
854 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s:%d\n",
855 ri->ri_hostname, ri->ri_port, 0 );
858 ri->ri_ldp = ldap_init( ri->ri_hostname, ri->ri_port );
859 if ( ri->ri_ldp == NULL ) {
861 LDAP_LOG ( OPERATION, ERR,
862 "do_bind: ldap_init (%s, %d) failed: %s\n",
863 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
865 Debug( LDAP_DEBUG_ANY, "Error: ldap_init(%s, %d) failed: %s\n",
866 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
868 return( BIND_ERR_OPEN );
872 { /* set version 3 */
873 int err, version = 3;
874 err = ldap_set_option(ri->ri_ldp,
875 LDAP_OPT_PROTOCOL_VERSION, &version);
877 if( err != LDAP_OPT_SUCCESS ) {
879 LDAP_LOG ( OPERATION, ERR, "do_bind: "
880 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
881 ri->ri_hostname, 0, 0 );
883 Debug( LDAP_DEBUG_ANY,
884 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
885 ri->ri_hostname, NULL, NULL );
888 ldap_unbind( ri->ri_ldp );
890 return BIND_ERR_VERSION;
895 * Set ldap library options to (1) not follow referrals, and
896 * (2) restart the select() system call.
900 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
902 if( err != LDAP_OPT_SUCCESS ) {
904 LDAP_LOG ( OPERATION, ERR, "do_bind: "
905 "Error: ldap_set_option(%s, REFERRALS, OFF) failed!\n",
906 ri->ri_hostname, 0, 0 );
908 Debug( LDAP_DEBUG_ANY,
909 "Error: ldap_set_option(%s,REFERRALS, OFF) failed!\n",
910 ri->ri_hostname, NULL, NULL );
912 ldap_unbind( ri->ri_ldp );
914 return BIND_ERR_REFERRALS;
917 ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
920 int err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
922 if( err != LDAP_SUCCESS ) {
924 LDAP_LOG ( OPERATION, ERR, "do_bind: "
925 "%s: ldap_start_tls failed: %s (%d)\n",
926 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
927 ldap_err2string( err ), err );
929 Debug( LDAP_DEBUG_ANY,
930 "%s: ldap_start_tls failed: %s (%d)\n",
931 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
932 ldap_err2string( err ), err );
935 if( ri->ri_tls == TLS_CRITICAL ) {
937 ldap_unbind( ri->ri_ldp );
939 return BIND_ERR_TLS_FAILED;
946 switch ( ri->ri_bind_method ) {
947 case LDAP_AUTH_SIMPLE:
949 * Bind with a plaintext password.
952 LDAP_LOG ( OPERATION, ARGS,
953 "do_bind: bind to %s:%d as %s (simple)\n",
954 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
956 Debug( LDAP_DEBUG_ARGS, "bind to %s:%d as %s (simple)\n",
957 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
959 ldrc = ldap_simple_bind_s( ri->ri_ldp, ri->ri_bind_dn,
961 if ( ldrc != LDAP_SUCCESS ) {
963 LDAP_LOG ( OPERATION, ERR, "do_bind: "
964 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
965 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
967 Debug( LDAP_DEBUG_ANY,
968 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
969 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
972 ldap_unbind( ri->ri_ldp );
974 return( BIND_ERR_SIMPLE_FAILED );
980 LDAP_LOG ( OPERATION, ARGS,
981 "do_bind: bind to %s as %s via %s (SASL)\n",
983 ri->ri_authcId ? ri->ri_authcId : "-",
986 Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
988 ri->ri_authcId ? ri->ri_authcId : "-",
992 #ifdef HAVE_CYRUS_SASL
993 if( ri->ri_secprops != NULL ) {
994 int err = ldap_set_option(ri->ri_ldp,
995 LDAP_OPT_X_SASL_SECPROPS, ri->ri_secprops);
997 if( err != LDAP_OPT_SUCCESS ) {
999 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1000 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
1001 ri->ri_hostname, ri->ri_secprops, 0 );
1003 Debug( LDAP_DEBUG_ANY,
1004 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
1005 ri->ri_hostname, ri->ri_secprops, NULL );
1007 ldap_unbind( ri->ri_ldp );
1009 return BIND_ERR_SASL_FAILED;
1014 void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
1015 ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId );
1017 ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
1018 ri->ri_saslmech, NULL, NULL,
1019 LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
1021 lutil_sasl_freedefs( defaults );
1022 if ( ldrc != LDAP_SUCCESS ) {
1024 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1025 "Error: LDAP SASL for %s:%d failed: %s\n",
1026 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
1028 Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
1029 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
1032 ldap_unbind( ri->ri_ldp );
1034 return( BIND_ERR_SASL_FAILED );
1040 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1041 "Error: do_bind: SASL not supported %s:%d\n",
1042 ri->ri_hostname, ri->ri_port, 0 );
1044 Debug( LDAP_DEBUG_ANY,
1045 "Error: do_bind: SASL not supported %s:%d\n",
1046 ri->ri_hostname, ri->ri_port, NULL );
1048 ldap_unbind( ri->ri_ldp );
1050 return( BIND_ERR_BAD_ATYPE );
1055 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1056 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1057 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1059 Debug( LDAP_DEBUG_ANY,
1060 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1061 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1063 ldap_unbind( ri->ri_ldp );
1065 return( BIND_ERR_BAD_ATYPE );
1071 LDAPControl *ctrls[2];
1075 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
1076 c.ldctl_value.bv_val = NULL;
1077 c.ldctl_value.bv_len = 0;
1078 c.ldctl_iscritical = 0;
1080 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_SERVER_CONTROLS, &ctrls);
1082 if( err != LDAP_OPT_SUCCESS ) {
1084 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1085 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1086 ri->ri_hostname, 0, 0 );
1088 Debug( LDAP_DEBUG_ANY, "Error: "
1089 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1090 ri->ri_hostname, NULL, NULL );
1092 ldap_unbind( ri->ri_ldp );
1094 return BIND_ERR_MANAGEDSAIT;
1106 * For debugging. Print the contents of an ldmarr array.
1118 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
1121 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1122 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1123 (long) getpid(), i, 0 );
1124 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1125 "Trace (%ld): *** ldm->mod_op: %d\n",
1126 (long) getpid(), ldm->mod_op, 0 );
1127 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1128 "Trace (%ld): *** ldm->mod_type: %s\n",
1129 (long) getpid(), ldm->mod_type, 0 );
1131 Debug( LDAP_DEBUG_TRACE,
1132 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1133 (long) getpid(), i, 0 );
1134 Debug( LDAP_DEBUG_TRACE,
1135 "Trace (%ld): *** ldm->mod_op: %d\n",
1136 (long) getpid(), ldm->mod_op, 0 );
1137 Debug( LDAP_DEBUG_TRACE,
1138 "Trace (%ld): *** ldm->mod_type: %s\n",
1139 (long) getpid(), ldm->mod_type, 0 );
1141 if ( ldm->mod_bvalues != NULL ) {
1142 for ( j = 0; ( b = ldm->mod_bvalues[ j ] ) != NULL; j++ ) {
1143 msgbuf = ch_malloc( b->bv_len + 512 );
1144 sprintf( msgbuf, "***** bv[ %d ] len = %ld, val = <%s>",
1145 j, b->bv_len, b->bv_val );
1147 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1148 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
1150 Debug( LDAP_DEBUG_TRACE,
1151 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
projects / openldap / blob